With the ever-increasing popularity of the Internet, there is an obvious need to provide tools to a user browsing site to decide if sites are trusted. An example is the access control of children to sites having sex or violent contents, or by another example to enter, in a trusted manner, credit card number in electronic purchase transactions over the Web.
One possible approach of addressing this problem is to present symbols indicative of site's is sex or violence degree. For example, consider the scenario of FIG. 1 where a site (10) presents on its Web page (11) a symbol (12) declaring that it is rated by RSAC (Recreational Software Advisory Council) or presents a symbol indicative of, say, IBM logo (14) or Visa approved (15). How can the user know that the site is not cheating? In other words how can the user trust that what the site declares (by means of the specified symbol) is indeed true?
There are various hitherto solutions that purport to address the problem of trusting sites.
For example, PICS (Platform for Internet Content Selection) is a format to rate web pages in some categories (sex, violence etc.) and associated mechanism supported by some browsers to limit access to web sites by constraints on the rated values. Thus, for example, web sites having a sex rate level that is greater than 3 cannot be accessed. It is noted that the proposed approach does not present a symbol indicative of the trust level of the site, but rather defines a “policy” in order to determine whether or not to approve access to the site.
The latter solution has some inherent disadvantages including the fact that the list of categories (e.g. sex, violence) is pre-defined and a site cannot provide another category which the site owner considers appropriate. Moreover, only rudimentary policy that is used in order to authorize or not the access is allowed (e.g. admittance is allowed only if the site rank is greater or equals to a given value).
Another possible approach is to present a pre-defined symbol attesting that the site is indeed trusted in respect of what it claims. This solution is realized in a specific case of site that claims to be secured such that the user can safely transmit personal details including his/her credit card number. In the case of Netscape™ browser, the specified symbol is a “broken key” which is rendered “complete” in the case that the site under question is indeed secured.
In practice, the specified mechanism is accomplished by utilizing the known Secured Electronic Transaction (SSL) protocol, in which a site provides certificate (the subject of which being, say the site's URL signed by a Certificate Authority (CA, referred to, occasionally, also as Certificate Issuer—CI) that is specified by the user (in the user station) as an acceptable CA. If such a certificate is provided, the specified key is rendered complete. In other words, the user specifies at the user's node a list of authorized CA's (user's CA list) and if a site under question provides a certificate signed by a CA in the list, this attests that the site is sufficiently secured from the stand point of the user and a visual indication in the form of “complete key” is displayed at a pre-defined area on the screen. The protocol supports also designation of a certificate chain. Thus, a site is considered secured if it can provide a certificate signed by a CA which is a member in a certificate chain whose root CA is included in the specified user's CA list.
The latter approach is associated with some inherent limitations, including (i) the proposed scheme applies only to a single predefined unconfigurable symbol having a given meaning (i.e. a symbol of a key which is rendered complete to indicate that the specified site is “secured”); (ii) only rudimentary “policy” is supported, i.e. a CA or root CA must be included in the specified list; and (iii) the specified rudimentary policy is associated only with the user node.